Security Tests
A security test, also referred to as a penetration test, is a simulation of a real attack on an information system or its particular elements. The main goal of security tests is to find security vulnerabilities and verify the related threats before they are found and exploited by intruders.

A typical security test consists of the following stages:
  • Identification of the information system or its elements
  • Vulnerability analysis based on the information gathered
  • Execution of controlled attacks and verification of vulnerabilities
  • Preparation of the final report, consisting of a list of vulnerabilities with assessed threat levels

The security tests that we perform can cover the entire information system of an organization – from LAN/WAN networks, through network switches and routers, servers, operating systems, database servers and application servers, to end-user workstations and mobile devices.

Besides comprehensive security tests of the entire information system, we also offer security tests of particular elements of the information system, for example:

Depending on the agreed scope of the security test, as well as the business needs of Customers, we perform security testing from one or more perspectives:
  • With no knowledge about the tested object (“black-box testing”) – for example, from the position of a regular Internet user who does not possess any knowledge about the organization and its information systems
  • With partial knowledge about the tested object (“gray-box testing”) – for example, from the position of a person aware of the system versions used by the organization
  • With full knowledge about the tested object (“white-box testing”) – for example, an intrusion by a former employee who had access to design schemas, documentation and source code of an application

On request, we can also use elements of social engineering to verify whether personnel can be manipulated into circumventing implemented procedures and security countermeasures.

Depending on the goals of the penetration tests as well as Customers’ needs, we can perform tests with or without the knowledge of the administrators and internal security team of the organization (the so-called "double-blind test"). This kind of test is especially useful for verifying whether the implemented intrusion detection and prevention systems, as well as security procedures, work properly.

Results

The end result of every security test is a detailed report describing the vulnerabilities discovered in the tested parts of the Customer’s information system.

A typical report consists of:
  • Executive Summary
  • Scope of security tests along with performed actions
  • A list of discovered vulnerabilities
  • Evaluation of vulnerability severity, based on the scale agreed with the Customer
  • Proposals for improvements to eliminate the discovered vulnerabilities

Benefits

Performing security tests brings a lot of benefits for the Customer:
  • Gaining an independent, practical evaluation of the security of the tested elements
  • Practical verification of the effectiveness of implemented security measures
  • Practical verification of the effectiveness of intrusion detection and intrusion prevention systems
  • Verification that personnel react adequately to the performed attacks
  • Detection of security vulnerabilities and the opportunity to eliminate them before they are found and misused by third parties, causing financial or moral losses for the organization
  • Compliance with requirements to conduct periodic security tests, imposed by government regulations or business entities (for example, PCI DSS)

Quality guarantee

To ensure the highest quality, we conduct security tests on the basis of recognized standards and best security practices (OWASP, OASIS Web Application Security Technical Committee, NIST, OSSTMM and others), manual testing combined with automated tools, a continuously improved internal security testing methodology, and current vulnerability databases.
© 2010 Prevenity Sp z o.o. All rights reserved.